Need some clarification
-
Make sure the machine behind the firewall is using the pfSense box as its default gateway. Also try telnetting from pfSense itself to the box.
If that does not work then I am out of ideas without accessing the systems directly but unfortunately I do not have the time for that (too many commercial support jobs waiting for my time).
-
No worries, I realize the forums are not the primary income for you guys. Thanks for your time on the matter thus far. Would posting the info from the /temp/rules.debug help anyone else here on the forums? This is really aggravating.
Edit - and yes, the system I ran the telnet from is using the pfsense box for the DG.
-
Ok, now I'm livid. I thought for sure that this was a problem with my pfsense box, and that no matter what I did, I couldn't forward ports.
However, I just successfully opened 8080, and it tested accordingly. I removed the rule and the port reported as closed.
Why the hell does 27015 not work? I'm not the only one here with this problem. Why is this such an issue for pfsense? The other threads on this topic remain unanswered to a large degree. So now I KNOW it isn't my fault. It doesn't matter if I change the port to 27016, 27025, etc. 8080 is above "500" so it can't be something relating to anything above 500, so what is it?
-
The reflection ranges > 500 refers to port-ranges of more than 500 ports at once.
Not ports with a number higher than 500.I have personally run a lot of HL/HL2 based servers and never had any problems with forwarding the ports.
How did you configure the server?
I don't remember when exactly that was changed, but there was a time when you started a local server and connected with a public IP, the server itself blocked this connection.Could you try such a setup:
private subnet with testclient | | |WAN pfSense |LAN | | private subnet with server
Make sure that you don't forget to uncheck the "block private subnets" checkbox on the WAN config page.
-
Also check out http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Also check out http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
Everything in that guide checks out for me. When I enable the logging, I can see, specifically in the log, where it rejects requests on this port when I try to use it.
Another reason I'm upset, I started downloading the Star Trek Online torrent today, I had to open up port 19661 (a random port uTorrent generated for me in this case) and it forwards perfectly, and I can test it from outside of my network without failure. Why is it then, that when I use the exact same process to open 27015, it doesn't work?
I'll post anything you guys need me to post to help you iron this out. I'm not a total n00b when it comes to networking, but I'm far from an expert. I'm willing to admit there might be something I flubbed in my config early on that is preventing this one port from working, but why just this one port?
-
Everything in that guide checks out for me. When I enable the logging, I can see, specifically in the log, where it rejects requests on this port when I try to use it.
That means there is something wrong in your FW rules, because it's reporting to you it got rejected (packet hits outside of firewall and drops). You want it to pass… Maybe the rules are in the wrong order, or it's for the wrong protocol?
You could try to move your allow rule to the top and make it TCP/UDP.
Otherwise post the exact rule, and the log entry when it's rejected/dropped.
-
Tell you what. Take a screen shot of your NAT and WAN Rules for us.
I am a visual guy. -
Sorry that I didn't get back to you guys, I gave up even after trying to forward the port directly on the DSL modem. It didn't work. Qwest swears that they don't block anything, and the firewall seems to work fine otherwise, so I just chalked it up to a complete inability of the DSL to do it. The server that I was trying to make work on the internet worked just fine if we used OpenVPN to get everyone to connect, so that was my only allowance. Sorry for the outward frustration - I couldn't understand why it wasn't working as it should.
-
seems odd that an ISP would arbitrarily block a high range port (mainly they just do that for things like port 25 etc..) this may be a silly question, but I didn't specifically see it addressed, is there a firewall on the actual L4D2 server box?
I had issues setting up an L4D2 server (issues relating to NAT reflection i believe) I went to 2.0 and it all just worked.
For my server all I forward in from the outside is 27015 UDP I don't even use the manual outbound NAT with static ports (Valve has resolved alot of the NAT issues)
Let me know if you want any more detail on how mine is setup